Add XMSS/XMSSMT wolfCrypt hooks. #6840
The way I'm building xmss with wolfcrypt is breaking our dependency tracking logic. I will fix it to be more like LMS.
INSTALL
Outdated
To build verify-only patched xmss-reference: | ||
$ make xmss_verify_lib.a | ||
|
||
Note that this patch adds wolfCrypt SHA256 hashing to xmss-reference, and |
Note that this patch changes xmss-reference to use wolfCrypt SHA256 hashing, and ....
INSTALL
Outdated
Note that this patch adds wolfCrypt SHA256 hashing to xmss-reference, and | ||
thus benefits from all the same asm speedups as wolfCrypt SHA hashing. | ||
Depending on architecture you may build with --enable-intelasm, or | ||
and --enable-armasm, and see 30-40% speedups in XMSS/XMSS^MT. |
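Review bot: the line break between "--enable-intelasm, or" and "and --enable-armasm" leaves the sentence reading "or and"; keep only one conjunction. The "30-40% speedups" figure is stated without a platform or baseline, so say what it is measured against or point to where the numbers are recorded. The paragraph also says "wolfCrypt SHA256 hashing" on its first line and "wolfCrypt SHA hashing" on the next; use one term for both.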
first "and" should be removed.
|
||
For full keygen, signing, verifying, and benchmarking support, build | ||
wolfSSL with: | ||
$ ./configure \ |
Wait... if xmss uses wolfssl for sha, then why doesn't it need to have wolfSSL around first? Is it done by registering callbacks? If so, just a short sentence about how it's done would be nice.
Correct, by registering a sha callback. Good point, I'll update these comments.
wolfcrypt/benchmark/benchmark.c
Outdated
/* All NIST SP 800-208 approved SHA256 XMSS/XMSS^MT parameter | ||
* sets. | ||
* | ||
* note: not testing "XMSS-SHA2_16_256", "XMSS-SHA2_20_256", |
N in note should be capitalized.
wolfcrypt/src/ext_xmss.c
Outdated
return 0; | ||
} | ||
|
||
/* Sets the Xmss key parameters, given an oid. |
In comments I think all instances of "oid" should be "OID" as it's an acronym.
wolfcrypt/src/ext_xmss.c
Outdated
return 0; | ||
} | ||
|
||
/* Set the Xmss key parameter string. |
Xmss should be XMSS in comments. (all caps) here and in other places.
This looks good so far but I noticed it depends on samples repo. Can you assign me as reviewer on that as well?
Took it for a spin and got
Not sure if this is okay or not.
Correct, this and the LMS The wolfBoot LMS and XMSS builds do not have this warning, as they do not build libwolfssl, but rather directly link against the wolfcrypt objects needed.
Description
This is a companion PR to:
Adds XMSS/XMSS^MT hooks to wolfCrypt. This is achieved by integration with a patched xmss-reference.
This PR adds:
--enable-xmss --with-libxmss=<path to patched xmss src>.
--enable-xmss=verify-only instead.
wolfcrypt/test/test.c for both normal and verify-only builds.
wolfcrypt/benchmark/benchmark.c.
INSTALL item with instructions for building xmss-hooks (see item 20: 20. Building with xmss-reference lib for XMSS/XMSS^MT support [EXPERIMENTAL]).
Supported xmss parameters
This supports all SHA256 parameter sets from RFC 8391 and NIST SP 800-208.
A table showing the XMSS parameter sets was added in the documentation PR here:
wolfSSL/src/appendix07.md#supported-parameters-1
Also, see wolfssl/wolfcrypt/xmss.h for additional info.
Building
See item 20 of the INSTALL file:
Documentation
Opened an XMSS/XMSS^MT documentation pull request:
Benchmark
The patch updates xmss-reference to use wolfCrypt SHA256 for hashing, and benefits from asm speedups. See the documentation PR for full x86_64 and aarch64 benchmarking.
Benchmark with --enable-intelasm:
Benchmark without intelasm: